These days everyone should be using encryption for all internet traffic. Since Amazon has preconfigured their RDS instances to support secure connections, we just need to make sure we use the provided PEM certificate when establishing a connection to our RDS instance. Using this blog post, I was able to adapt the shell script into single-line RUN commands in my Dockerfile to download the Amazon certificate, split it, and import it into the keystore. There are some additional commands to create and clean up the working directory, but the important parts are explained below.

Download the AWS CA certificate bundle for Amazon RDS databases:

RUN wget https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem
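
The split and import steps mentioned above, sketched as shell functions: keytool's -importcert adds one certificate per alias, so each certificate in the bundle gets its own file first. This is an added example, not the author's script; the rds-ca-NN file names, the alias scheme, the truststore path and the constructed sample bundle are assumptions.

```shell
# Added example (not the post's script): split a PEM bundle into one file per
# certificate and import each into a Java truststore. Names are assumptions.

# Writes a constructed 3-entry bundle; the bodies are placeholders, not real certs.
make_sample_bundle() {
    for i in 1 2 3; do
        printf '# constructed entry %s\n' "$i"
        printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
            '-----END CERTIFICATE-----'
    done > "$1"
}

# split_bundle BUNDLE OUTDIR: writes OUTDIR/rds-ca-NN.pem and prints how many
# certificates were found. Text outside BEGIN/END markers is dropped.
split_bundle() {
    mkdir -p "$2"
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; file = sprintf("%s/rds-ca-%02d.pem", dir, n) }
        file != ""                    { print > file }
        /-----END CERTIFICATE-----/   { close(file); file = "" }
        END                           { print n + 0 }
    ' "$1"
}

# import_certs OUTDIR TRUSTSTORE STOREPASS: one trusted entry per split file,
# aliased by file name. Stops at the first failed import so a bad entry fails the build.
import_certs() {
    for pem in "$1"/rds-ca-*.pem; do
        [ -e "$pem" ] || continue
        keytool -importcert -noprompt -trustcacerts \
            -alias "$(basename "$pem" .pem)" -file "$pem" \
            -keystore "$2" -storepass "$3" || return 1
    done
}

# Typical use (paths and password are placeholders):
#   n=$(split_bundle rds-combined-ca-bundle.pem /tmp/rds-ca)
#   import_certs /tmp/rds-ca "$JAVA_HOME/lib/security/cacerts" "<truststore-password>"
```

Comparing the count printed by split_bundle with the number of entries the truststore reports after the import confirms that no certificate from the bundle was skipped.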

In order to establish a secure connection from a Java microservice I am adding ?verifyServerCertificate=true&useSSL=true&requireSSL=true to the JDBC connection string in my Java app's application.yml/application.properties file: